package com.home.security.browser.handler;

import com.home.base.core.framework.enums.ResultCodeEnum;
import com.home.base.core.framework.msg.ServerResponse;
import com.home.common.handler.exception.BizException;
import com.home.common.utils.servlet.ServletUtils;
import com.home.security.browser.utils.PermissionUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.session.UnknownSessionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Description: Shiro 全局同意异常处理
 * Created by 王大宸 on 2021-01-18 15:25
 * Created with IntelliJ IDEA.
 */
@RestControllerAdvice(basePackages = {"com.home"})
public class GlobalShiroAuthExceptionHandler {
    private static final Logger logger = LoggerFactory.getLogger(GlobalShiroAuthExceptionHandler.class);



    /***
     * 功能说明：找不到session,跳转到登录页面
     *
     * @author 王大宸
     * @date 2020/11/10 23:18
     * @param response  response
     * @param ex        ex
     * @return com.home.common.framework.msg.ServerResponse<java.lang.String>
     */
    @ExceptionHandler(UnknownSessionException.class)
    public ServerResponse<String> unknownSessionException(HttpServletResponse response, BizException ex) {
        logger.error(ex.getMessage(), ex);
        response.setStatus(HttpStatus.OK.value());
        return ServerResponse.errStatusMsgDate(ResultCodeEnum.CLIENT_TOKEN_EXCEPTION.getStatus(),
                ResultCodeEnum.CLIENT_TOKEN_EXCEPTION.getMessage(), "/login");
    }

    /***
     * 功能说明：没有操作权限
     *
     * @author 王大宸
     * @date 2020/11/12 13:45
     * @param request  request
     * @param e        e
     * @return java.lang.Object
     */
    @ExceptionHandler(UnauthorizedException.class)
    public Object unauthorizedException(HttpServletRequest request,
                                        UnauthorizedException e) {
        if (ServletUtils.isAjaxRequest(request)) {
            return ServerResponse.errMsg(PermissionUtils.getMsg(e.getMessage()));
        } else {
            ModelAndView modelAndView = new ModelAndView();
            modelAndView.setViewName("error/401");
            return modelAndView;
        }
    }

    /***
     * 功能说明：权限校验失败 如果请求为ajax返回json，普通请求跳转页面
     *
     * @author 王大宸
     * @date 2020/11/12 13:45
     * @param request  request
     * @param e        e
     * @return java.lang.Object
     */
    @ExceptionHandler(AuthorizationException.class)
    public Object handleAuthorizationException(HttpServletRequest request,
                                               AuthorizationException e) {
        if (ServletUtils.isAjaxRequest(request)) {
            return ServerResponse.errMsg(PermissionUtils.getMsg(e.getMessage()));
        } else {
            ModelAndView modelAndView = new ModelAndView();
            modelAndView.setViewName("error/401");
            return modelAndView;
        }
    }
}
